General
- Target: 69876b8eb6f1c737b7e9fb871e8050ef.bin
- Size: 86KB
- Sample: 230123-r5te3sfc9s
- MD5: 1e06de0368ea5d9027ad5a9d37b16178
- SHA1: a75d8b32cc04dc521f32d124ec6fc788436d9118
- SHA256: cdcd218328855b099a8c344cfdd92eebe74b2cd90864e71a63be7c0bf3f9aa51
- SHA512: a009881d99e9cda07819d24750f137b205338fef2e3d911730f6fe5784158d1883b99df5a98f380519727e26703a6a232cb620a10dcf85cc9a8a544228978dd7
- SSDEEP: 1536:tTEg3wcZSruGItIzM+GNkNdl/1jPrrV5N/e8WPjJuhb8a:tr3RSzItr+jJ1P13Gwz
- Static task: static1
- Behavioral task: behavioral1
- Sample: 9388bd306fa4c7b7d113d94f09ece73c78875fa7fb73c79de74f0919ba27b821.ps1
- Resource: win7-20221111-en
Malware Config
Extracted: asyncrat (3LOSH RAT)
- Default
- C2: xxxprofxxx.dnsdojo.com:5126
- Mutex: AsyncMutex_6SI8OkPnk
- delay: 3
- install: false
- install_folder: %AppData%
Targets
- Target: 9388bd306fa4c7b7d113d94f09ece73c78875fa7fb73c79de74f0919ba27b821.ps1
- Size: 259KB
- MD5: 69876b8eb6f1c737b7e9fb871e8050ef
- SHA1: 539344815be0698ba89f851d21ca1ee3715f6919
- SHA256: 9388bd306fa4c7b7d113d94f09ece73c78875fa7fb73c79de74f0919ba27b821
- SHA512: 5600bbb7a06ba986a96c44c8f029219d2751c4a01678f3bb2d521177c36e63a4920e29bd7cf44cd2313cb5b84462c8fe4a474bd941b792fc93fc7ec9ec5d6316
- SSDEEP: 3072:U+aRBniWM5QBpDowmGcAk3ApX92FpmIKKyDs4f4nx2:HSBnU8owmGcAk3ApX92bMDsA4nx2
- Async RAT payload
- Checks computer location settings: looks up the country code configured in the registry; likely a geofence.
- Suspicious use of SetThreadContext